<p>Upgrade <code>contao/core</code> to version 2.11.17, 3.2.9 or higher.</p>

=3.0.0, <3.2.9

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-CONTAOCORE-6861572
published 17 May 2024
disclosed 15 May 2024
credit Marc Reimann, CCA

Report a new vulnerability Found a mistake?

Introduced: 15 May 2024

CWE-20 Open this link in a new tab

How to fix?

Upgrade contao/core to version 2.11.17, 3.2.9 or higher.

Overview

contao/core is a Contao Open Source CMS.

Affected versions of this package are vulnerable to Improper Input Validation due to insufficient input validation. An attacker can execute arbitrary code on the server by entering a malicious URL, which can remove or change pathconfig.php, rendering the entire installation inaccessible or allowing the execution of malicious code.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

Low
User Interaction (UI)

Required

Scope (S)

Changed

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

Improper Input Validation Affecting contao/core package, versions >=2.0.0, <2.11.17 >=3.0.0, <3.2.9

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 15 May 2024

How to fix?

Overview

References

CVSS Scores

Snyk